Most organizations today are facing a rapid increase in the number of client devices -- endpoints like desktops,...
laptops, smartphones and tablets. An employee may have three or four endpoints that have been issued by the organization, as well as one or more personal devices. Multiply these by the number of users in your organization and the sheer volume of endpoints IT must manage becomes overwhelming.
Each endpoint in your organization represents multiple attack vectors against the organization's systems, networks and, most importantly, sensitive data. Organizations are increasingly focused on safeguarding their sensitive data, such as customer databases, patient health records and financial information. At the same time, users are demanding increased access to this sensitive data from their organization-issued and personally owned endpoints.
It's become even more important for organizations to protect endpoints that access their network against numerous daily threats. A single data breach on an endpoint -- anything from a malware infection on a laptop to a lost smartphone holding a sensitive database -- can cost an organization millions of dollars and seriously damage its reputation. According to a Ponemon study, the average cost of a U.S. data breach in 2014 was $12.7 million; in 2012 it was $5.4 million.
To prevent such incidents from occurring, composite software suites known as endpoint protection software have been developed. These suites use a combination of prevention and detection techniques to identify malicious activity and treat it accordingly by blocking malicious network traffic or preventing malicious software from being executed. Endpoint protection software is also used to identify known vulnerabilities in endpoints, such as incorrect security configuration settings and missing patches for operating systems and applications.
Many of the technologies bundled within endpoint protection software have been available for many years as standalone products or in loosely bundled product suites. Examples include antimalware software, host-based firewalls (also known as personal firewalls) and host-based intrusion detection/intrusion prevention software. What makes endpoint protection software different from standalone products or loose bundles is that the endpoint protection software's components are fully integrated into a single product, with a single interface and management capability. Ideally, all the parts of endpoint protection software work together seamlessly. This creates a solution that's superior to using separate standalone products or loosely bundled product suites, and attempting to integrate the individual components after the fact.
The capabilities most often provided by endpoint protection software include:
- Antimalware software
- application whitelisting
- Device control
- Endpoint data loss prevention
- Enterprise mobile device management
- Host-based firewalls
- Host-based intrusion detection/prevention systems
- Storage encryption
- Vulnerability assessment
Most endpoint protection software offers several, but not all, of these capabilities. However, products are rapidly evolving to cover all these capabilities, and their vendors are preparing to add the next generation of security capabilities to these products in the future.
About the author:
Karen Scarfone is senior cybersecurity engineer at tapestry technologies Inc. and the principal consultant for Scarfone Cybersecurity in Clifton, Va. She provides cybersecurity publication consulting services, specializing in network and system security guidelines. Scarfone was formerly a senior computer scientist for the National Institute of Standards and Technology (NIST), where she oversaw the development of system and network security publications for federal civilian agencies and the public.
The endpoint security market is booming, but isn't antivirus dead?
Get help keeping pace with emerging endpoint security technologies